Security Architecture Flashcards

1
Q

Access control is a way to discover

A

Who is accessing the information? (the Subject doing the accessing)
What is being accessed? (the Objects being accessed)
How might the access occur? (the mechanism(s) used for access)

2
Q

What are the major concepts of access control?

A

Subject, Object, Permissions, Rights

3
Q

What is the difference between a permission and a right?

A

Through their rights (policy) users are granted permissions.

4
Q

Describe the interaction between subjects, rights, permissions and objects

A

Subjects - WHO
Rights - HOW
Permissions - HOW
Objects - WHAT

5
Q

Access control coupled with __________ establishes the basis for accountability

A

Auditing

6
Q

Auditing is

A

The process of recording access control actions

7
Q

A system should be governed by a written standard that specifies the rules applicable to the system. These rules are derived from

A
  • Laws
  • Regulations
  • Industry standards
  • Organisational policies
8
Q

The compilation of rules applicable to a particular IT system forms the

A

security policy

9
Q

The security policy addresses

A

managerial, operational, and technical security requirements for a system.

10
Q

More often than not ______________________ in an IT system represents the bulk of the technical security within the security policy. The interpretation of the correct

A

access control and auditing

11
Q

Access control at the network level tends to be more (1) such as allowing or disallowing access to (2)

A

connection oriented
ports and protocols associated with given IP addresses.

12
Q

Each subject identified in an ACL is known as an

A

Access control entity

13
Q

The _____________ is used to manage each ACL in the system

A

ACL repository

14
Q

_____________ is the predominant access control technique in use today. Most commodity systems implement some form of it.

A

Discretionary Access Control (DAC)

15
Q

The underlying concept of DAC is

A

to give an object owner the discretion to decide who is authorised access to an object and to what extent.

16
Q

Why does the read permission not always mean read only?

A

In the case of files it normally also means read and copy

17
Q

What is important to remember about the write permission?

A

It can also mean to delete, because a file can be overwritten with a single byte

18
Q

Given the Read, Write and Execute problems that attend DAC systems, what are some implementation strategies that mitigate them?

A
  1. Limit access to essential objects only.
  2. Label sensitive data.
  3. Filter information where possible.
  4. Promulgate guidance that prohibits unauthorised duplication of
     information.
  5. Conduct monitoring for noncompliance.
19
Q

__________________________ is the primary means of controlling system integrity. Why do viruses often gain complete access to a system?

A

Preventing unauthorized modification of resources. Viruses often gain
complete access because excessive permissions on configuration settings
and files allow the virus to write to or delete critical files.

20
Q

Access control mechanisms that are neither DAC nor mandatory access control (MAC) are referred to as forms of

A

nondiscretionary access control.

21
Q

Types of non-discretionary access control

A
  1. Role-Based Access Control (RBAC)
  2. Originator Controlled (ORCON)
  3. Digital Rights Management (DRM)
  4. Usage Controlled (UCON)
  5. Rule-Based Access Control
22
Q

MAC functions by associating 1. level with the 2. level of the target object. It is important to note that systems supporting

A
  1. A subject’s clearance level with
  2. The sensitivity level of the target object.
23
Q

What are common reasons why users receive rights and permissions that go beyond what is needed for the task?

A
  • Lack of explicit definition of duties - Neither the user nor manager
    has a clear grasp or definition of the duties assigned to the
    individual.
  • Weak internal controls - Where explicit duties are known, changes
    in duties or access controls on the system may not be periodically
    reviewed for conflicts.
  • Complexities in administration - In very large, distributed
    organizations, it is difficult to know the access limitations that
    should be imposed when access control is centralized.
24
Q

Security design efforts should consider various aspects that could affect
separation of duties. At a minimum, it should be possible to enforce separation of duties through the user access control mechanisms whether the designation is manual or automated. A system should have sufficient administrative flexibility to accommodate the following aspects:

A
  • Identify each explicit role
  • Assign appropriate permissions
  • Avoid unnecessary rights
  • Mitigate workflow violation potential
25
Q

What techniques can be used in small organisations to help with the problem of separation of duties?

A
  • Assign accounts on a per-role basis - An individual should have a
    separate account for each role used.
  • Prevent those with multiple roles from reading and writing to the
    same storage area.
  • Auditing is vital - Consider implementing object-level auditing for
    individuals with multiple roles.
  • Conduct more frequent evaluations.

26
Q

All of the technical security controls in a system are collectively referred to as

A

the Trusted Computing Base (TCB).

27
Q

The overall security of a system is no stronger than

A

the most vulnerable components of the TCB

28
Q

What are the most common components of the TCB of most enterprise systems?

A

Port Locking and Network Access Control (switches)
User management and resource control (Workstations and Servers)
Network Filtering and Access Control (Routers)
Business data access rules (Databases)
Boundary protections (firewalls)
Information Flow Control (Application servers)

29
Q

A _________________ is the collection of components of a TCB that mediate all
access within a system. It is important to note that a security kernel may be

A

Security Kernel

30
Q

The most common functions of the security kernel include

A

Authentication, auditing, and access control.

31
Q

The operational aspect of the security functions is referred to as

A

The security reference monitor

32
Q

What does a security reference monitor generally do?

A

Compares an access request against a listing that describes the allowed actions

33
Q

What does the acronym AAA refer to?

A

Authentication, Authorisation and Accounting

34
Q

An access control system that is centralised relies on a

A

A single device as the security reference monitor. Authorisation and access control decisions are made from the centralised device

35
Q

What are the approaches to achieving centralised access control?

A
  1. The ACS proxies client requests - limits communication
  2. A gatekeeper mechanism - limits communication
  3. Free roaming on the network with control over individual access requests.
36
Q

What are the disadvantages of an ACS?

A

Single point of failure
Single point of compromise
Capacity

37
Q

A number of protocols exist that support centralized access control.

A

TACACS, TACACS+, RADIUS, and EAP are just a few of the most common access

38
Q

TACACS

A

Protocol supporting centralised access control
TACACS - This older protocol was originally used for authenticating
dial-up users. RFC 1492, “An Access Control Protocol, Sometimes
Called TACACS” (Finseth, 1993), describes the protocol and
suggests that the acronym is short for “Terminal Access Controller
Access Control System.” TACACS functions over UDP on port
49 or TCP on any locally defined port. This older protocol lacks
many important features found in others that were more recently
developed.

39
Q

A critical shortcoming in TACACS is

A

A critical shortcoming in TACACS is the lack of
encryption. All communication from a TACACS client to the
server is in cleartext. Using this protocol through an untrusted or
public network exposes the session and endpoints to a potential
compromise.

40
Q

TACACS+

A

Protocol supporting centralised access control
TACACS+ - This proprietary protocol by Cisco is based on
TACACS. It is primarily used with TCP on port 49. This protocol
overcomes the security weaknesses of its predecessor by providing
encryption for the packet payload. Authentication, Authorization,
and Accounting (AAA) capabilities are built into the protocol,
whereas they are missing from TACACS.

41
Q

Shortcoming of TACACS+

A

The use of AAA capabilities is implementation specific. Therefore, a security
architect must ensure that each TACACS+ implementation is consistent with the policy of the organization.

42
Q

RADIUS

A

Protocol supporting centralised access control
The Remote Authentication Dial In Service (RADIUS)
also has AAA capabilities built into the protocol. RADIUS
is a centralized access control protocol commonly used in the
telecommunications industry as well as by Internet service
providers. A network access server (NAS) acting as the gateway
to a network passes client access requests to the RADIUS server.

43
Q

EAP

A

Protocol supporting centralised access control
The Extensible Authentication Protocol (EAP) is a protocol
supporting multiple authentication methods. It operates above
the data link layer and therefore does not rely on IP.
Essentially a peer-to-peer protocol.
The protocol relies on the lower layer to ensure packet ordering, but
retransmissions are the responsibility of EAP.
Its design as an authentication protocol prohibits its use for data transport, which would be inefficient.

44
Q

Protection of the device used for centralised access control is vital.
List some of the important countermeasures.

A

Reduce attack surface
Active monitoring
Device backup
Redundancy

45
Q

A collection of nodes that individually make access control decisions through a replicated database characterises a …

A

decentralized access control mechanism. The

46
Q

Although decentralized access control has advantages, it is not perfect. Some
of the issues that need to be considered when implementing decentralized access control include

A
  • Continuous synchronization considerations - The access control
    mechanism is only as current as the last synchronization. Excessive gaps in the time between synchronizations may allow inappropriate access to the system or objects.
  • Bandwidth usage - Synchronization events might consume a lot
    of bandwidth. Nodes joined through low-bandwidth connections
    may consume a disproportionate amount of bandwidth when
    synchronizing.
  • Physical and logical protection of each access control node - A
    compromise of one access control node could propagate a
    compromise to all. Successful attacks against the centralized
    database in one location could provide the attacker with the
    ability to attack any node participating in the architecture.
47
Q

Inconsistencies in security countermeasures are a common issue with systems using decentralised access control. Servers providing access control services could be located in different facilities in the same region or in different parts of the world. Ensuring that the intended design is consistently applied for each instance can be quite challenging.

A
  • Physical security
  • Management coordination
  • Remote maintenance (making it reachable to)
  • Exclusion from DMZ
48
Q

Design Considerations
There are a number of issues that must be carefully considered when
implementing federated access control.

A
  • Cooperative effort - An agreement should establish a set of security
    requirements that must be met by the participants.
  • Mutual risk - Abuses and attacks must be considered ahead of time to ensure that appropriate countermeasures and responses are in place prior to accepting subject identities of external organisations within the federation.
  • Utilize a DMZ - Use proxy servers within the DMZ to
    retrieve information that is needed. Avoid storing sensitive
    information in the DMZ.
  • Exclude access control integration - It is better to establish a centralised access control system dedicated to the support of federated access control rather than mix outsiders with those on the inside.

49
Q

The X.500 Directory Specification provides

A

A framework to specify the attributes used to create a directory as well as the methods used to access its objects

50
Q

The IETF has defined an alternative method to access an
X.500-based directory over IP that is known as

A

Lightweight Directory Access Protocol (LDAP).

51
Q

The latest Microsoft servers rely extensively on their proprietary DAP implementation known as

A

Active Directory

52
Q

Directory specifications such as X.500 enable an organization to publish
information in a way that

A

Supports hierarchical access to structured information.

53
Q

How is PKI vulnerable?

A

Depends on the physical security of the device with the private key

54
Q

Traditionally, there have been two distinct approaches to Security
Management:

A

Security Event Management (SEM) and
Security Information Management (SIM).

55
Q

What are the six capabilities of a SIEM system?

A
  1. Data aggregation
  2. Correlation
  3. Alerting
  4. Dashboards
  5. Compliance
  6. Retention
56
Q

What does the correlation function of a SIEM refer to?

A

The ability to use correlation techniques to integrate data from different sources.

57
Q

A ________________ is the principal subject of interest within an access control
mechanism.

A

A system user is the principal subject of interest within an access control
mechanism.

58
Q

Ideally, ________________ will be subject to an access control mechanism.

A

every object

59
Q

What is the significant drawback of ODBC?

A

SQL commands are sent in clear text

60
Q

What do security architects often use to get around the security hazards of allowing direct connections to a database?

A

Three-tier Web-based applications are a frequently used architecture to
provide controlled access to organizational data.

61
Q

Three-tier Web-based applications are a frequently used architecture to
provide controlled access to organizational data. Implementing this type of
architecture has its benefits and drawbacks. Discuss the benefits

A
  1. A web browser can be used instead of proprietary applications
  2. Provides a method of allowing multiple users to get access to the sites
  3. Communication channels can be encrypted
62
Q

Three-tier Web-based applications are a frequently used architecture to
provide controlled access to organizational data. Implementing this type of
architecture has its benefits and drawbacks. Discuss the drawbacks

A
  1. Increased complexity
  2. Vulnerability to cross site scripting
  3. Middle tier security (a breach of the server could result in a breach of the data)
63
Q

Managing through the use of groups is indeed a double-edged sword. Although it provides substantial power to mitigate risk, when not properly managed it can cause other problems. Some issues facing a security architect when controls governing group management fail are the following:

A

Orphaned groups
Duplicated groups
Separation of duty violations
Failures in least privilege

64
Q

Administering group membership is an aspect of

A

Identity management

65
Q

Groups and roles are both a type of collection, but differ in their application.
Groups are collections of ______, while roles are collections of ___________.

A

Users
Rights and permissions

66
Q

An important aspect of an RBAC implementation is _________________,
which is the fundamental attribute used to establish separation of duties.

A

mutual exclusivity

67
Q

How can the implementation of RBAC differ from one vendor to another?

A

RBAC, similar to DAC, is not exactly the same from one vendor to the next.
Some vendor products claiming to support RBAC simply allow the designation
of a group of rights and permissions as a role, while others make an effort to
implement most of its desirable aspects. Ideally, an RBAC-enabled product will allow the allocation of multiple roles and the ability to specify mutual exclusivity.

68
Q

A true implementation of RBAC is predicated on a mechanism that enforces its attributes. However, this may not be practical or feasible for resource-constrained organisations using commodity systems that desire this type of access control. In these cases, what can one do?

A

groups could be used to mimic role-based access.

69
Q

When using groups to mimic role-based access, what should one do on creation of the groups?

A

Create groups as if they were roles. The mantra of fully documenting
all aspects is essential here. A detailed listing of the attributes and
uses of each group as a role is required. Inadequate or inconsistent
specification for the design and use of groups as roles will yield
less than desirable results.

70
Q

When using groups to mimic role-based access, what should one do with respect to objects?

A

Identify which objects in the system should have permissions associated with the roles

71
Q

When using groups to mimic role-based access, what should one avoid assigning to groups?

A

groups

72
Q

When using groups to mimic role-based access, what should one avoid assigning on objects?

A

Refrain from assigning account permissions on objects. Maintaining
role-based access means that individual accounts should be
assigned permissions only through the use of roles. This may be
problematic for service and system accounts, but in most cases
should not be too difficult for accounts assigned to people.

73
Q

When using groups to mimic role-based access should one allow users to have multiple accounts?

A

Yes, issue users multiple accounts. This is necessary if varying levels
of rights are needed. This does not mean a user must have an
account for each role, but rather, the inclusion of a member in
a “role” must not create a situation where an account can easily
circumvent its intended use. In this regard, a solid identity
management methodology increases in importance.

74
Q

When using groups to mimic role-based access, how could system services be used?

A

Web-based services, portals, databases, and other automation techniques
could act as intermediaries between subjects and objects.
Designing services as a way to proxy access to objects without
actually interacting with them can be used as a way to enforce
role-based access for critical resources.

75
Q

When using groups to mimic role-based access, how should one audit and monitor the system?

A

monitor for inappropriate permissions and
audit for misuse

76
Q

What are the attributes to consider in Task-Based Access Control (TBAC)?

A

Time
Sequence
Dependencies

77
Q

What is the standard for Task-Based Access Control (TBAC)?

A

The concept of TBAC is still an emerging topic. Presently, there are no
accepted standards or definitions of what TBAC entails. However, this does not detract from the usefulness of implementing access control according to the attributes of a task in a workflow. Indeed, many organizations already implement types of access control in workflows. A number of document collaboration suites implement workflows and make use of TBAC enforcement attributes.

78
Q

The routing access control list specifies

A

subnets or addresses that are accessible from a segment

79
Q

The routing access control list specifies subnets or addresses that are accessible from a segment. The critical point here is that

A

Different segments should be physically separated until they are connected to the node applying the logical access controls. This prevents an insider from spoofing an address in an alternate subnet and bypassing access controls based on physical location.

80
Q

The idea of using access controls for network segments assumes that requests for resource access originate from a node within the segment. When is this not the case?

A

When the segment has been compromised by a bot or a trojan

81
Q

Enabling access controls according to device type is dependent on
two important factors:

A
  1. Device recognition - Each device type must be recognizable in some
    way by the access control mechanism.
  2. Policy enforcement - Access control decisions are made according
    should not be allowed to connect and pass traffic in the network.
82
Q

What happens with network-based access control using physical and logical addresses?

A

The rules regarding what the device is allowed to communicate with would be encoded into Layer 2 devices, Layer 3 devices, and monitoring devices.

83
Q

What happens with network-based access control using the 802.1X standard?

A

As devices connect to the network, they are authenticated according to the certificate presented. A
RADIUS server is used to support device authentication.
